Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 904895 - <sys-apps/portage-3.0.47: dispatch-conf race condition with chmod on log file access
Summary: <sys-apps/portage-3.0.47: dispatch-conf race condition with chmod on log file...
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
Whiteboard: ?? [stable?]
Keywords: InVCS, PATCH
Depends on: 903973
  Show dependency tree
Reported: 2023-04-23 18:59 UTC by Hanno Böck
Modified: 2023-04-30 13:31 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

patch (portage-dispatch-conf-race.diff,666 bytes, patch)
2023-04-23 18:59 UTC, Hanno Böck
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Hanno Böck gentoo-dev 2023-04-23 18:59:25 UTC
Created attachment 860666 [details, diff]

dispatch-conf contains the following code to create the log file:

                open(self.options["log-file"], "w").close()  # Truncate it
                os.chmod(self.options["log-file"], 0o600)

This is insecure, as the file is first created with public readable permissions, and then the file permissions are changed. A malicious user could open the file in that window and read it once content is written to it.

To reproduce:
1. make sure no dispatch-conf.log exists
2. run fpracer script from as an unprivileged user with "./fpracer /var/log/dispatch-conf.log"
3. uncomment "log-file=/var/log/dispatch-conf.log" in /etc/dispatch-conf.conf
4. as root, run dispatch-conf and merge any new config

The user will see content of non-world-readable log file.

I consider this a low severity security issue, as the impact is limited and certain conditions need to be met for it to be exploitable. But still it should be fixed. See attached patch.
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-04-23 19:14:41 UTC
Thanks Hanno.

Would you mind submitting it as a PR to, attaching a git-amable patch here, or using git-send-email to the gentoo-portage-dev mailing list?
Comment 2 Hanno Böck gentoo-dev 2023-04-24 14:06:32 UTC
PR created:
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-04-29 04:45:25 UTC
commit 4cc3e2d39a39b422074de49e88261cdf717292d5
Author: Hanno Böck <>
Date:   Mon Apr 24 16:03:28 2023 +0200

    dispatch-conf: Avoid race when accessing log file

    First creating the file and then running chmod creates a security
    risk where a user could access the file. Avoid this by enforcing
    the file permissions via umask.

    Signed-off-by: Hanno Böck <>
    Signed-off-by: Sam James <>
Comment 4 Larry the Git Cow gentoo-dev 2023-04-30 04:14:19 UTC
The bug has been closed via the following commit(s):

commit 5b3c80502e96406b4b175e2ee79eb65f3f3cd9f6
Author:     Sam James <>
AuthorDate: 2023-04-30 04:13:31 +0000
Commit:     Sam James <>
CommitDate: 2023-04-30 04:13:36 +0000

    sys-apps/portage: add 3.0.47
    Signed-off-by: Sam James <>

 sys-apps/portage/Manifest              |   1 +
 sys-apps/portage/portage-3.0.47.ebuild | 285 +++++++++++++++++++++++++++++++++
 2 files changed, 286 insertions(+)